' . get_search_query() . '' ); ?>

}}}
`get_search_query()` does not feature any sanitization, so the search string is displayed raw.
To show the vulnerability, write a post with the following content and publish it:
{{{
This is a link
}}}
Now enter that same string into the search box. The post will show up in the results as expected, but you'll get `Search Results for: This is a link` (which is clickable) instead of the actual search string.
Luckily Twenty Ten shows ""Nothing Found"" if there's no results, so this requires the string to be located in a post.
Still needs to be fixed though. See attached patch.",defect (bug),closed,high,3.0,Security,3.0,major,fixed,,,